On 08-Feb-20 03:58, Toerless Eckert wrote: <snip> > Sure, and i am going to run a hacked ACP node thats announcing in GRASP > to be the "best-ever" node to provide that service ;-) How to you > prohibit me to happen ? -> Anser: i dont have a fitting certificate, or > there is some ACP crowd intelligence that says i am untrustworthy.
I don't see how you can get away from asymmetric crypto to do that. An ASA comes up and says 'I support "DANGER"', which is a GRASP objective for doing something very dangerous. Take a concrete example: 'I support "PrefixManager"', which is defined in draft-ietf-anima-prefix-management and will be in an RFC one day soon. So this ASA needs to be trusted to allocate or assign IP address space. How can we check this is OK? As far as I can see, only if we have previously decided to trust any PrefixManager ASA that can prove possession of a given private key, or more precisely one of a given set of private keys. In practical reality, I'm sure operators will want to install identical binaries of a given ASA on multiple autonomic nodes. So the private key will be scattered around the autonomic domain. My guess is that a lot of operators would not see this as any better than just trusting the nodes, not the individual ASAs. Brian _______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima